SoheilKhodayari / TheThing
TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
☆45Updated last year
Alternatives and similar repositories for TheThing:
Users that are interested in TheThing are comparing it to the libraries listed below
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆48Updated 4 months ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆64Updated last year
- Searcher for cross-site leaks (XS-Leaks)☆81Updated 2 years ago
- Same Origin XSS challenge☆56Updated 2 years ago
- Awesome MXSS ??☆48Updated 6 months ago
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated 11 months ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago
- List of Trusted Types bypasses☆91Updated 11 months ago
- Proof of Concepts for unsafe deserialization in Ruby☆17Updated 5 months ago
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆84Updated 4 months ago
- ☆15Updated 3 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆105Updated 3 months ago
- ☆94Updated 3 years ago
- XS-Leak Browser Test Suite☆78Updated last year
- A collection of Server-Side Prototype Pollution gadgets and exploits☆182Updated last month
- This repository is an interactive collection of my solutions to various XSS challenges.☆12Updated 4 years ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆39Updated 3 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated 3 weeks ago
- Grammar-based HTTP/2 fuzzer with mutation ability☆43Updated 2 years ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.☆58Updated 10 months ago
- Find all libraries on cdn.js that pollute your prototype☆18Updated 2 years ago
- This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing…☆18Updated last month
- tetctf2020_amf_writeups☆23Updated 4 years ago
- A collection of Semgrep rules which followed security guidelines for .NET and Java.☆21Updated 3 years ago
- Updated version of the ProtoBurp Extension, with enhanced features and capabilities to encode and fuzz custom protobuf messages☆36Updated last year
- An extension to use Semgrep inside Burp Suite.☆88Updated last year
- jws2pubkey tool☆38Updated 9 months ago
- A collection of my Semgrep rules☆48Updated last year
- a repository of all the CTF challenges I've made for public events☆54Updated last year
- Utility for creating ZipSlip archives☆72Updated 2 years ago